Monday, October 21, 2013

Some Security Basics, aka "How To Fly A Computer"

This is adapted from a post I originally made on a Facebook group after two members started posting spam from their accounts.

Computer Security For Normal People:

1) Pick passwords with both letters and numbers. This is an easy way to protect yourself from bots that use simple automated attacks to guess your password. The first documented computer cracking case in 1986 involved a cracker who wrote a program that guessed passwords from a dictionary.

2) Make sure your email account's password is different. If someone can guess your password on your twitter account, he might try the same password on your bank account. Make sure your email password is different than every other password. It's not necessary to have a different password for every single website you use, but you should have more than one to protect yourself. For example, I have a "dumb" password for services that I don't plan on using more than once, a "secure" password for services where I care about privacy and people doing things with my name, and a "banking" password for services where getting the account cracked would be real-life inconvenient and require me to file paperwork.

3) Keep your computer's software up-to-date. If you're running Windows, then use Windows Update. Make sure you install all updates that are marked important, then change your Windows Update settings so that your computer automatically downloads your updates for you. If you're running a Mac, you should be fine unless you have trouble with #5.
Also make sure your web browser is always up-to-date. If you're using IE6 you're doing it wrong. Older versions of Flash and Java have security holes, make sure they are up-to-date too.

4) Use antivirus software. Microsoft distributes an excellent lightweight antivirus called Microsoft Security Essentials. Schedule your computer to scan itself monthly.

It's probably not the best idea to run two antiviruses on your computer. Use whatever one you have available. If your computer came with a trial version, it should be okay as long as the trial keeps its virus definitions up-to-date.
5) Don't run it if you don't know what it is. If your computer tells you it wants to run software and you don't know what it is, click No, click the X on the window, or press Escape. Do not download and run software from sources you do not trust or do not recognize.
If in doubt, Google things and do some research. Be wary of fake reviews, scammers are known to pay people to write tons of positive reviews to inflate their review scores and search rankings.
Look closely at the URLs of download links (right-click and copy the link into a new browser tab if you're not sure), it's common for scammers to register temporary short-URL sites on and similar sites. Only the last two parts of a domain count, "" is a bogus site.

 6) Check your plugins. One of the most common types of malware is web browser "toolbar" plugins. Check what plugins and extensions are installed on your web browser, and research any you don't recognize.
Facebook and Twitter now allow external apps which can get access to all of your personal information, and also can expose information about your friends. For Facebook, click Settings (the Gear icon in the upper-left)>Account Settings, then click the Apps tab on the left. For Twitter, click the Settings Icon (the gear)>Settings, then click the Apps tab on the left. If you see an app you don't recognize or don't use, it's probably best to remove it.

No comments:

Post a Comment